mod_ssl can now be configured to use an
OCSP server to check the validation status of a client
certificate. The default responder is configurable, along with
the decision on whether to prefer the responder designated in
the client certificate itself.

mod_ssl now also supports OCSP stapling, where the
server pro-actively obtains an OCSP verification of its certificate and
transmits that to the client during the handshake.

mod_ssl can now be configured to share SSL Session
data between servers through memcached

The ProxyPass directive
is now most optimally configured within a
Location or
LocationMatch
block, and offers a significant performance advantage over the traditional
two-parameter syntax when present in large numbers.

The source address used for proxy requests is now configurable.

Support for Unix domain sockets to the backend (available in 2.4.7
and later).

Translation of headers to environment variables is more strict than
before to mitigate some possible cross-site-scripting attacks via header
injection. Headers containing invalid characters (including underscores)
are now silently dropped. Environment Variables
in Apache has some pointers on how to work around broken legacy
clients which require such headers. (This affects all modules which
use these environment variables.)

mod_ldap adds
LDAPConnectionPoolTTL,
LDAPTimeout, and
other improvements in the handling of timeouts.
This is especially useful for setups where a
stateful firewall drops idle connections to the LDAP server.

The mod_rewrite documentation has been
rearranged and almost completely rewritten, with a focus on
examples and common usage, as well as on showing you when other
solutions are more appropriate. The Rewrite
Guide is now a top-level section with much more detail and
better organization.

mod_ssl

The mod_ssl documentation has been greatly
enhanced, with more examples at the getting started level, in
addition to the previous focus on technical details.

Caching Guide

The Caching Guide has been rewritten
to properly distinguish between the RFC2616 HTTP/1.1 caching
features provided by mod_cache, and the generic
key/value caching provided by the socache
interface, as well as to cover specialised caching provided by
mechanisms such as mod_file_cache.

A new hook, check_config, has been added which runs
between the pre_config and open_logs
hooks. It also runs before the test_config hook
when the -t option is passed to
httpd. The check_config hook
allows modules to review interdependent configuration directive
values and adjust them while messages can still be logged to the
console. The user can thus be alerted to misconfiguration problems
before the core open_logs hook function redirects
console output to the error log.

Expression Parser Added

We now have a general-purpose expression parser, whose API is
exposed in ap_expr.h. This is adapted from the
expression parser previously implemented in
mod_ssl.

Authorization Logic Containers

Authorization modules now register as a provider, via
ap_register_auth_provider(), to support advanced authorization logic,
such as <RequireAll>.

Small-Object Caching Interface

The ap_socache.h header exposes a provider-based
interface for caching small data objects, based on the previous
implementation of the mod_ssl session cache.
Providers using a shared-memory cyclic buffer, disk-based dbm
files, and a memcache distributed cache are currently
supported.

Cache Status Hook Added

The mod_cache module now includes a new
cache_status hook, which is called when the caching
decision becomes known. A default implementation is provided
which adds an optional X-Cache and
X-Cache-Detail header to the response.

Notice:This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our mailing lists.